Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mismatch with Checksums?

    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    5
    3.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zod
      last edited by

      Greetings,

      It appears the checksums for the current build on the i386 branch (i.e. pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz) are not matching up with the associated md5 and sha256 files.  Following are the files I used to verify the download:

      –> pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz.md5

      -->  pfSense-Full-Update-2.0-RC3-i386-20110812-0745.tgz.sha256

      Last modified timestamp indicates:

      --> 12-Aug-2011 09:39

      Also noticed Auto Update could not verify the image of the update.  Got the following error message:

      --> php: /system_firmware_auto.php: The command '/usr/local/sbin/gzsig verify /etc/pubkey.pem < '/root/latest.tgz'' returned exit code '3', the output was 'Invalid gzip file Couldn't verify input'

      Is this a known issue, or something else?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        MD5 checksum verifies fine for me.
        Your download is probably corrupt.

        Steve

        1 Reply Last reply Reply Quote 0
        • Z
          zod
          last edited by

          Downloaded the file again and the checksums now match.

          Thanks,

          1 Reply Last reply Reply Quote 0
          • Z
            zod
            last edited by

            After downloading the file a second time and verifying the checksums matched, I got the following message when attempting to upload the firmware update:

            **This image is not digitally signed.
            This means that the image you uploaded is not an official/supported image and may lead to unexpected behavior or security compromises. Only install images that come from sources that you trust, and make sure that the image has not been tampered with.

            Do you want to install this image anyway (on your own risk)?**

            For the record, the firmware update I attempted to upload was pfSense-Full-Update-2.0-RC3-i386-20110812-1427.tgz (i.e. http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/updates/pfSense-Full-Update-2.0-RC3-i386-20110812-1427.tgz) with last modified timestamp of 12-Aug-2011 16:26.

            This appears to be consistent re: Auto Update not able to verify the update in webConfigurator.  Are snapshots digitally signed and/or is this normal behavior?

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              The daily snapshots are not signed.
              Only the releases on the mirrors are signed.
              This is normal behaviour. If you want/need to use the latest snapshots you need to check the 'Allow auto-update firmware images with a missing or invalid digital signature to be used' box in System: Firmware: Updater Settings.

              Steve

              1 Reply Last reply Reply Quote 0
              • First post
                Last post